{"vuid":"VU#125228","idnumber":"125228","name":"HP System Management Homepage vulnerable to cross-site scripting","keywords":["XSS","HP","CWE-79"],"overview":"HP System Management Homepage versions 7.2.3 and 7.3.2.1 contain a reflected cross site scripting vulnerability.","clean_desc":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-2640\nHP System Management Homepage versions 7.2.3 and 7.3.2.1 contain a reflected cross site scripting (XSS) vulnerability. The reflected XSS is found in the red2301.html page's vulnerable RedirectUrl parameter.","impact":"A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.","resolution":"Apply an Update\nWindows Server 2003 users should update to System Management Homepage version 7.2.4. All other users should update to System Management Homepage 7.4. Please refer to HP's security bulletin for more information.","workarounds":"","sysaffected":"","thanks":"Thanks to Jakub Pałaczyński for reporting this vulnerability.","author":"This document was written by Todd Lewellen.","public":["https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322","http://seclists.org/bugtraq/2014/Oct/4"],"cveids":["CVE-2014-2640"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-07-08T12:57:22Z","publicdate":"2014-09-30T00:00:00Z","datefirstpublished":"2014-10-03T13:48:11Z","dateupdated":"2014-10-03T13:48:14Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.4","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:P/A:--","cvss_temporalscore":"5.8","cvss_environmentalscore":"1.44515688975","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}